The Register: CISA adds fresh Ivanti vuln, critical Fortinet bug to hall of shame

Source URL: https://www.theregister.com/2024/10/10/cisa_ivanti_fortinet_vulns/
Source: The Register
Title: CISA adds fresh Ivanti vuln, critical Fortinet bug to hall of shame

Feedly Summary: Usual three-week window to address significant risks to federal agencies applies
The US Cybersecurity and Infrastructure Security Agency (CISA) says vulnerabilities in Fortinet and Ivanti products are now being exploited, earning them places in its Known Exploited Vulnerabilities (KEV) catalog.…

AI Summary and Description: Yes

Summary: The text covers three vulnerabilities in Fortinet and Ivanti products that CISA has added to its Known Exploited Vulnerabilities (KEV) catalog because they are being exploited in the wild. It stresses timely patching and describes the temporary mitigations available, which matters to anyone responsible for these edge and management appliances.

Detailed Description:
The provided text discusses vulnerabilities affecting Fortinet and Ivanti products that CISA has recently added to its Known Exploited Vulnerabilities (KEV) catalog. The insights are particularly relevant for security and compliance professionals focused on infrastructure and application security.

– **Fortinet Vulnerability (CVE-2024-23113)**:
– Type: Format string vulnerability in the fgfmd daemon (the listener for the FortiManager protocol, fgfm).
– Severity: Critical, CVSS 9.8.
– Affected Products: Multiple versions of FortiOS, FortiPAM, FortiProxy, and FortiWeb.
– Implication: An unauthenticated remote attacker can execute code or commands by sending specially crafted packets to the fgfmd daemon.
– Mitigation: Apply the vendor patches immediately. If patching cannot happen right away, Fortinet's temporary workaround is to remove fgfm from the allowaccess list of every interface that exposes it; this also stops FortiManager from discovering the device over that interface until it is patched.
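The workaround above is applied per interface, and on a fleet of FortiGates the first question is which interfaces still expose fgfm. The script below, an added example and not Fortinet tooling, parses the `config system interface` block of a FortiOS configuration export, lists interfaces whose `set allowaccess` includes `fgfm`, and emits the CLI that restates each list without it. The sample configuration is constructed for the example and is not from a real device.

```python
"""Audit a FortiOS configuration export for interfaces that still accept FGFM and
emit the CLI that removes it, following Fortinet's published workaround for
CVE-2024-23113 (remove fgfm from each interface's allowaccess list).

Added example, not Fortinet tooling. SAMPLE_CONFIG is constructed to look like a
'show system interface' export and is not taken from a real device.
"""

import re

# Constructed sample: port1, port3 and mgmt expose fgfm; port2 does not. port3 has a
# nested 'config ipv6' sub-block, whose 'end' a naive parser would mistake for the
# end of the interface list.
SAMPLE_CONFIG = """\
config system interface
    edit "port1"
        set ip 203.0.113.10 255.255.255.0
        set allowaccess ping https ssh fgfm
        set type physical
    next
    edit "port2"
        set ip 10.0.0.1 255.255.255.0
        set allowaccess ping https ssh
    next
    edit "port3"
        config ipv6
            set ip6-allowaccess ping
        end
        set allowaccess ping fgfm
    next
    edit "mgmt"
        set allowaccess ping https ssh snmp fgfm http
    next
end
"""

EDIT_RE = re.compile(r'^edit "([^"]+)"$')


def parse_interfaces(config_text):
    """Return {interface_name: [allowaccess protocols]} for 'config system interface'.

    Nested 'config ... end' sub-blocks inside an interface (e.g. 'config ipv6') are
    tracked by depth so their 'end' does not terminate the outer block. Interfaces
    with no 'set allowaccess' line get an empty list (FortiOS default: no access).
    """
    interfaces = {}
    in_block = False
    depth = 0          # nesting depth of sub-blocks inside the interface block
    current = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not in_block:
            in_block = line == "config system interface"
            continue
        if line.startswith("config "):
            depth += 1
            continue
        if line == "end":
            if depth == 0:
                break          # end of 'config system interface'
            depth -= 1
            continue
        if depth:
            continue           # ignore settings inside nested sub-blocks
        m = EDIT_RE.match(line)
        if m:
            current = m.group(1)
            interfaces[current] = []
        elif line == "next":
            current = None
        elif current is not None and line.startswith("set allowaccess "):
            interfaces[current] = line[len("set allowaccess "):].split()
    return interfaces


def find_fgfm_exposed(config_text):
    """Names of interfaces whose allowaccess list includes fgfm (the TCP/541 listener)."""
    return [n for n, acc in parse_interfaces(config_text).items() if "fgfm" in acc]


def remediation_cli(config_text):
    """FortiOS CLI that restates each exposed interface's allowaccess without fgfm.

    'set allowaccess' replaces the whole list, so every protocol to keep must be
    repeated; an interface whose only protocol was fgfm gets 'unset allowaccess'.
    Caveat from Fortinet's advisory: removing fgfm stops FortiManager from
    discovering/managing the FortiGate over that interface until it is patched.
    """
    lines = ["config system interface"]
    for name, acc in parse_interfaces(config_text).items():
        if "fgfm" not in acc:
            continue
        keep = [p for p in acc if p != "fgfm"]
        lines.append(f'    edit "{name}"')
        lines.append(("        set allowaccess " + " ".join(keep)) if keep
                     else "        unset allowaccess")
        lines.append("    next")
    lines.append("end")
    return "\n".join(lines)


if __name__ == "__main__":
    print("fgfm exposed on:", ", ".join(find_fgfm_exposed(SAMPLE_CONFIG)))
    print(remediation_cli(SAMPLE_CONFIG))
```

Run it against a saved configuration backup rather than a live device, and treat the emitted CLI as a starting point: it only reduces exposure of the vulnerable listener, so the patch still has to follow, and any interface that FortiManager uses to reach the device will lose that management path until it does.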

– **Ivanti Vulnerabilities** (both in the admin web console of Ivanti Cloud Services Application (CSA) and fixed in version 5.0.2):
– **CVE-2024-9379**:
– Type: SQL injection vulnerability.
– Severity: Medium, CVSS 6.5.
– Affected Products: Ivanti CSA prior to version 5.0.2.
– Implication: A remote authenticated attacker who already holds admin privileges on the console can run arbitrary SQL statements against the appliance database.

– **CVE-2024-9380**:
– Type: OS command injection.
– Severity: High, CVSS 7.2.
– Affected Products: Ivanti CSA prior to version 5.0.2.
– Implication: The same admin-level attacker can obtain remote code execution on the appliance, which is why this one scores higher despite the same authentication requirement.
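The two Ivanti bug classes are worth seeing side by side, because both turn an admin-only console action into far more than the action was meant to do. The block below is an added, generic Python illustration, not Ivanti's code, and it does not reproduce the actual CSA requests: a user lookup built by string concatenation beside its parameterised form, and a shell-based diagnostic beside an argv-list form with hostname validation. The users table and the `echo`-based diagnostic are constructed stand-ins.

```python
"""Vulnerable handler beside its hardened form for the two bug classes Ivanti fixed
in CSA 5.0.2: SQL injection (CVE-2024-9379) and OS command injection (CVE-2024-9380),
both reachable only by a caller who already holds an admin session.

Added example: generic Python, not Ivanti's code, and it does not reproduce the
actual CSA requests. The users table and the 'diag' action are constructed stand-ins
for an admin-console lookup and an admin-console network diagnostic.
"""

import re
import sqlite3
import subprocess


def make_db():
    """In-memory stand-in for the console's database, seeded with constructed rows."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (name TEXT, role TEXT, api_token TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("alice", "admin", "tok-a"),
        ("bob", "user", "tok-b"),
        ("carol", "user", "tok-c"),
    ])
    return con


def find_user_vulnerable(con, name):
    """SQLi: the admin's input is spliced into the SQL text, so the console's
    'look up a user' action becomes 'run any SQL the DB account can run'."""
    query = f"SELECT name, role FROM users WHERE name = '{name}'"
    return con.execute(query).fetchall()


def find_user_hardened(con, name):
    """Parameterised query: the driver passes the value separately from the SQL, so
    quotes, UNION and comment sequences in 'name' are just characters to match."""
    return con.execute("SELECT name, role FROM users WHERE name = ?", (name,)).fetchall()


# Allow-list for the diagnostic action: RFC 1123 hostname labels, no shell metacharacters.
HOST_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$")


def is_valid_host(host):
    return HOST_RE.fullmatch(host) is not None


def diag_vulnerable(host):
    """Command injection: shell=True plus string interpolation lets ';', '|' or '$()'
    in the admin's input run extra commands as the console's OS user. 'echo' stands
    in for the real diagnostic binary so the example runs offline."""
    cmd = f"echo pinging {host}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def diag_hardened(host):
    """Validate against the allow-list, then invoke an argv list with no shell: the
    host is a single argument and is never parsed for metacharacters."""
    if not is_valid_host(host):
        raise ValueError(f"rejected host: {host!r}")
    return subprocess.run(["echo", "pinging", host], capture_output=True, text=True).stdout


if __name__ == "__main__":
    con = make_db()
    payload = "x' UNION SELECT api_token, role FROM users --"
    print("vulnerable:", find_user_vulnerable(con, payload))   # leaks every token
    print("hardened:  ", find_user_hardened(con, payload))     # []
    print(diag_vulnerable("x; echo INJECTED"), end="")         # second line: INJECTED
    try:
        diag_hardened("x; echo INJECTED")
    except ValueError as e:
        print(e)
```

The UNION payload matters more than the classic `' OR '1'='1`: with admin access already in hand, the attacker's goal is to reach columns the console never displays, such as tokens or password hashes, and a parameterised query closes that path without any input filtering. For the command injection case the argv list alone would stop the shell from interpreting `;`, but the allow-list is still worth keeping so that the diagnostic binary itself never sees option-like or otherwise hostile arguments.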

– **Additional Information**:
– Ivanti specifically noted that older CSA 4.6 appliances saw these bugs chained with other CSA weaknesses; the remedy for those installations is to move to CSA 5.0.2.
– Ivanti's guidance, on top of patching, is to run EDR on CSA appliances and to review logs and alerts for signs of compromise as part of a layered security approach; an appliance that was reachable while unpatched should be examined rather than assumed clean.

– **Key Recommendations**:
– Immediate application of security patches to mitigate risks.
– Use the vendor's temporary workaround if patching cannot be performed immediately, and patch as soon as possible afterwards since the workaround only reduces exposure.
– Implementing a robust security posture, including EDR and regular system audits, to safeguard against exploitation.

These insights stress the ongoing challenge organizations face with rapidly evolving security threats and the critical need for proactive measures in vulnerability management and compliance adherence.